1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
Return-Path: <lloyd.fourn@gmail.com>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8D33CC002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 May 2022 00:27:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp1.osuosl.org (Postfix) with ESMTP id 8A771823CB
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 May 2022 00:27:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp1.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp1.osuosl.org ([127.0.0.1])
by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nmjk9eK4fm1W
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 May 2022 00:27:15 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com
[IPv6:2a00:1450:4864:20::12e])
by smtp1.osuosl.org (Postfix) with ESMTPS id 6215D81D67
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 May 2022 00:27:15 +0000 (UTC)
Received: by mail-lf1-x12e.google.com with SMTP id w1so32939936lfa.4
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 03 May 2022 17:27:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=TyPdByrOhRqDAnJVsJJVdxv527Vn7sW2B1/nLswqdvE=;
b=VWe4puKfX5tyhOdvLmszyG+5K3BZFYuLfQLjZr454RTmuF2ySYUCKpy8Le5kD23hsb
OUsEGEaHxCYfUqXJGoKpJEl2paolNy06+ATAarRWsJRiobRF/8syqW3eh60Cub/jnlL7
XovZTURcj2iZ+KvKS5EGCPxlsMZkIP67PIzfUWf+HZtAGP9lhP161/5zPdsx3BjNAbD/
rQE0V6d8trwgvu5TPdpLuIT+Cm8nIozy7o/aJR7wbYmDj6x+/vAafWAh+/QbhSy6J6wz
IbOOvDKtFHTL0IYH78NKXs9f0Eza8MU12INAUeL0NDP6PbU1KPy4Zdz0CYA8b0NW/MOU
YNWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=TyPdByrOhRqDAnJVsJJVdxv527Vn7sW2B1/nLswqdvE=;
b=JW0xHtKxpy3PHbBrDTRXZsjtTtmTpWq/eQm/YHM5xXE9/SE2yKJ+CU+QR47w7vXkLv
sR5LvkHUF8WsvS0g90g1QEgaVMsaHJK6lg8CKoBuin/e607lLf65834OJ3a9oNiUSc8N
lq+cyIM4c9RVctbR0lS4IT2BrL4wH5caX/HMsOEPrWs/N9/5rZ9smnbVmJOSzoeiUsPB
Hcir8vhkgsGK1FdscTOS+gsukxhuQguTSyJk+URQHhTQQ3DMRwC82QkA3Nc1/9w1mVl0
O1mdgtwTsR5qUEbga2lGWVEpUtEapdfJplX2UKoncT+f07A5Sx/FWVt61+q8RC/Eahk+
ZEIQ==
X-Gm-Message-State: AOAM532NwwYIhrAuRI7kyujQKu9Z80eLImWSzH9NRZGRrg70sjgvkD+S
S9wBZgOx3hZexuySobk6W8FZhh/dVDr6ZPfmbDI=
X-Google-Smtp-Source: ABdhPJw1M0JYPUHjlX3lBuVmF0/cT00AeSIcwzxU3b0rFcPXLv48YeToLzCKn3h4jY4l3syWRPgzw+27HQv/ASDW84M=
X-Received: by 2002:a05:6512:2586:b0:472:6266:4052 with SMTP id
bf6-20020a056512258600b0047262664052mr8612427lfb.684.1651624032896; Tue, 03
May 2022 17:27:12 -0700 (PDT)
MIME-Version: 1.0
References: <68441995-c7d44f8b69d56a75112afa495bca5bf9@pmq6v.m5r2.onet>
In-Reply-To: <68441995-c7d44f8b69d56a75112afa495bca5bf9@pmq6v.m5r2.onet>
From: Lloyd Fournier <lloyd.fourn@gmail.com>
Date: Wed, 4 May 2022 10:26:46 +1000
Message-ID: <CAH5Bsr0rUuRrVoWO+xBGqwrTrJNwCp0akUD4OGB0RvU2ttWx6g@mail.gmail.com>
To: vjudeu@gazeta.pl,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000c88a2705de24af9e"
X-Mailman-Approved-At: Wed, 04 May 2022 08:00:49 +0000
Subject: Re: [bitcoin-dev] Password-protected wallet on Taproot
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2022 00:27:16 -0000
--000000000000c88a2705de24af9e
Content-Type: text/plain; charset="UTF-8"
Hi Vjudeu,
Perhaps this could make sense in some setting. e.g. instead of a hardware
device which protects your secret key via pin you use a pinless device but
you create a strong password and use a proper password hash to create
another key and put them in a 2-of-2. But make sure you don't use sha256 to
hash the password. Use a proper password hash. Keep in mind there's also
bip39 passwords which do a similar but this does involve entering them into
the possibly malicious hardware device.
Cheers,
LL
On Mon, 2 May 2022 at 03:56, vjudeu via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> It seems that Taproot allows us to protect each individual public key with
> a password. It could work in this way: we have some normal, Taproot-based
> public key, that is generated in a secure and random way, as it is today in
> Bitcoin Core wallet. Then, we can create another public key, just by taking
> password from the user, executing SHA-256 on that, and using it as a
> private key, so the second key will be just a brainwallet. Then, we can
> combine them in a Schnorr signature, forming 2-of-2 multisig, where the
> first key is totally random, and the second key is just a brainwallet that
> takes a password chosen by the user. By default, each key can be protected
> with the same password, used for the whole wallet, but it could be possible
> to choose different passwords for different addresses, if needed.
> Descriptors should handle that nicely, in the same way as they can be used
> to handle any other 2-of-2 multisig.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--000000000000c88a2705de24af9e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi Vjudeu,<div><br></div><div>Perhaps this could make sens=
e in some setting. e.g. instead of a hardware device which protects your se=
cret key via pin you use a pinless device but you create a strong password =
and use a proper password hash to create another key and put them in a 2-of=
-2. But make sure you don't use sha256 to hash the password. Use a prop=
er password hash. Keep in mind there's also bip39 passwords which do a =
similar but this does involve entering them into the possibly malicious har=
dware device.</div><div><br></div><div>Cheers,</div><div><br></div><div>LL<=
/div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_a=
ttr">On Mon, 2 May 2022 at 03:56, vjudeu via bitcoin-dev <<a href=3D"mai=
lto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundatio=
n.org</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:=
1ex">It seems that Taproot allows us to protect each individual public key =
with a password. It could work in this way: we have some normal, Taproot-ba=
sed public key, that is generated in a secure and random way, as it is toda=
y in Bitcoin Core wallet. Then, we can create another public key, just by t=
aking password from the user, executing SHA-256 on that, and using it as a =
private key, so the second key will be just a brainwallet. Then, we can com=
bine them in a Schnorr signature, forming 2-of-2 multisig, where the first =
key is totally random, and the second key is just a brainwallet that takes =
a password chosen by the user. By default, each key can be protected with t=
he same password, used for the whole wallet, but it could be possible to ch=
oose different passwords for different addresses, if needed. Descriptors sh=
ould handle that nicely, in the same way as they can be used to handle any =
other 2-of-2 multisig.<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--000000000000c88a2705de24af9e--
|
